CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38285 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38285
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. Los registros que almacenan credenciales no están suficientemente protegidos y pueden decodificarse mediante el uso de herramientas de código abierto. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38284 – Authentication Bypass by Capture-replay in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38284
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. Los datos transmitidos se registran entre el dispositivo y el servicio backend. Un atacante podría utilizar estos registros para realizar un ataque de repetición para replicar llamadas. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38283 – Missing Encryption of Sensitive Data in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38283
Sensitive customer information is stored in the device without encryption. La información confidencial del cliente se almacena en el dispositivo sin cifrado. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38282 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38282
Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. Al utilizar las credenciales predeterminadas, un atacante puede iniciar sesión en el sistema operativo de la cámara, lo que podría permitir realizar cambios en las operaciones o apagar la cámara, lo que requeriría un reinicio físico del sistema. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38281 – Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38281
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. Un atacante puede acceder a la consola de mantenimiento utilizando credenciales codificadas para una red inalámbrica oculta en el dispositivo. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-798: Use of Hard-coded Credentials •